A new malware strain has infected Mac devices all over the world—most prominently in the U.S. and parts of Europe—though experts have yet to determine where it came from or what it does.
The malicious program, discovered by security firm Red Canary and dubbed “Silver Sparrow,” has infected 29,139 macOS endpoints in 153 countries, with the largest infection rates in the U.S., the United Kingdom, France, Germany, and Canada. The program is also one of only a handful of malware strains that are compatible with products powered by Apple’s new M1 chip.
Researchers describe “Sparrow” as a ticking time bomb: the malware doesn’t appear to have any specific function yet. Instead, it lies in wait, checking in on an hourly basis with a control server to see if there are any new commands it should run on infected devices.
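The hourly check-in described above is a classic beaconing pattern, and its regularity is something defenders can hunt for in outbound-connection logs even when the payload and the server are unknown. The following Python script is an added example, not code from the article or from Red Canary: it parses a few constructed log lines (timestamp, source host, destination, byte count; the hosts and addresses are made up), groups connections by host and destination, and flags pairs whose inter-connection gaps cluster tightly around one hour. The one-hour period, the 10% period tolerance and the 5% jitter cap are assumptions chosen for this illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median, pstdev

# Constructed sample outbound-connection log (not from the article or any real capture).
# Format: "<ISO timestamp> <source host> <destination IP> <bytes sent>"
# mac-01 contacts its destination almost exactly once an hour (beacon-like);
# mac-02 contacts its destination at irregular, human-looking times.
SAMPLE_LOG = """\
2021-02-20T09:00:03Z mac-01 203.0.113.10 512
2021-02-20T10:00:01Z mac-01 203.0.113.10 498
2021-02-20T11:00:05Z mac-01 203.0.113.10 520
2021-02-20T12:00:02Z mac-01 203.0.113.10 505
2021-02-20T13:00:04Z mac-01 203.0.113.10 511
2021-02-20T09:12:44Z mac-02 198.51.100.7 20480
2021-02-20T09:47:10Z mac-02 198.51.100.7 9820
2021-02-20T11:03:59Z mac-02 198.51.100.7 33100
2021-02-20T14:30:22Z mac-02 198.51.100.7 1200
2021-02-20T15:02:11Z mac-02 198.51.100.7 4100
"""


def parse_log(text):
    """Group connection timestamps by (source host, destination)."""
    flows = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, dst, _byte_count = line.split()
        flows[(host, dst)].append(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"))
    return flows


def beacon_score(times):
    """Return (median gap in seconds, jitter ratio) for a list of timestamps.

    The jitter ratio is the population standard deviation of the gaps divided
    by the median gap, so a perfectly regular beacon scores close to 0.
    Returns None when there are too few connections to judge periodicity.
    """
    if len(times) < 4:
        return None
    ordered = sorted(times)
    gaps = [(b - a).total_seconds() for a, b in zip(ordered, ordered[1:])]
    med = median(gaps)
    jitter = pstdev(gaps) / med if med > 0 else float("inf")
    return med, jitter


def find_beacons(flows, expected_period=3600, tolerance=0.10, max_jitter=0.05):
    """Flag (host, destination) pairs whose gaps sit near expected_period with low jitter.

    Thresholds are assumed values for this example; tune them to your environment.
    """
    hits = []
    for (host, dst), times in flows.items():
        score = beacon_score(times)
        if score is None:
            continue
        med, jitter = score
        if abs(med - expected_period) <= tolerance * expected_period and jitter <= max_jitter:
            hits.append((host, dst, med, jitter))
    return hits


if __name__ == "__main__":
    for host, dst, med, jitter in find_beacons(parse_log(SAMPLE_LOG)):
        print(f"possible hourly beacon: {host} -> {dst} "
              f"(median gap {med:.0f}s, jitter {jitter:.4f})")
```

Note that the median gap alone is not a reliable signal: mac-02's irregular gaps happen to have a median within the one-hour tolerance, and it is the jitter check that keeps it off the list. In practice you would run this over a longer window and pair it with other signals (low and consistent byte counts, rare destinations), since legitimate software updaters also poll on fixed schedules.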
“After observing the malware for over a week, neither we nor our research partners observed a final payload, leaving the ultimate goal of Silver Sparrow activity a mystery,” writes Red Canary’s Tony Lambert. “We have no way of knowing with certainty what payload would be distributed by the malware, if a payload has already been delivered and removed, or if the adversary has a future timeline for distribution.” It’s also not totally clear to researchers how devices were infected.
Even more unsettling, “Sparrow” seems designed to erase itself from a computer once it has delivered its payload. The program “includes a file check that causes the removal of all persistence mechanisms and scripts” that “removes all of its components from the endpoint,” Lambert said. Ars Technica writes that such capabilities are typically found in “high stealth operations,” i.e., intrusion campaigns that are surreptitious in nature.
Please check your systems